Date: Sat, 22 Feb 2025 15:19:24 +0800
Subject: Re: [PATCH -next v2] uprobes: fix two zero old_folio bugs in __replace_page()
From: Tong Tiangen
To: Oleg Nesterov
CC: David Hildenbrand, Andrew Morton, Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Namhyung Kim, Mark Rutland, Alexander Shishkin, Jiri Olsa, Peter Xu, Ian Rogers, Adrian Hunter, "Liang, Kan", Masami Hiramatsu, Guohanjun

On 2025/2/22 10:37, Tong Tiangen wrote:
>
>
> On 2025/2/21 23:28, Oleg Nesterov wrote:
>> On 02/21, Tong Tiangen wrote:
>>>
>>> --- a/kernel/events/uprobes.c >>> +++ b/kernel/events/uprobes.c
>>> @@ -506,6 +506,11 @@ int uprobe_write_opcode(struct arch_uprobe >>> *auprobe, struct mm_struct *mm, >>>       if (ret <= 0) >>>           goto put_old; >>> >>> +    if (is_zero_page(old_page)) { >>> +        ret = -EINVAL; >>> +        goto put_old; >>> +    } >> >> I agree with David, the subject looks a bit misleading. >> >> And. I won't insist, this is cosmetic, but if you send V2 please consider >> moving the "verify_opcode()" check down, after the >> is_zero_page/PageCompound >> checks. >> >> Oleg. > > OK, check the validity of the old page first and modify the subject in > v3 . > > Thanks. I'm going to add a new patch to moving the "verify_opcode()" check down , IIUC that "!PageAnon(old_page)" below also needs to be moved together, and as David said this can be triggered by user space, so delete the use of "WARN", as follows: @@ -502,20 +502,16 @@ int uprobe_write_opcode(struct arch_uprobe *auprobe, struct mm_struct *mm, if (IS_ERR(old_page)) return PTR_ERR(old_page); - ret = verify_opcode(old_page, vaddr, &opcode); - if (ret <= 0) + ret = -EINVAL; + if (is_zero_page(old_page)) goto put_old; - if (is_zero_page(old_page)) { - ret = -EINVAL; + if (!is_register && (PageCompound(old_page) || !PageAnon(old_page))) goto put_old; - } - if (WARN(!is_register && PageCompound(old_page), - "uprobe unregister should never work on compound page\n")) { - ret = -EINVAL; + ret = verify_opcode(old_page, vaddr, &opcode); + if (ret <= 0) goto put_old; - } /* We are going to replace instruction, update ref_ctr. */ if (!ref_ctr_updated && uprobe->ref_ctr_offset) { @@ -526,10 +522,6 @@ int uprobe_write_opcode(struct arch_uprobe *auprobe, struct mm_struct *mm, ref_ctr_updated = 1; } - ret = 0; - if (!is_register && !PageAnon(old_page)) - goto put_old; - ret = anon_vma_prepare(vma); Thanks. > >> >> >> . > > .
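Review bot: In the first hunk of the new patch (@@ -502,20 +502,16 @@), folding `!PageAnon(old_page)` into the check that runs under `ret = -EINVAL;` changes the result of unregister on a non-anonymous page. The lines removed in the second hunk set `ret = 0;` before `if (!is_register && !PageAnon(old_page)) goto put_old;`, so that case used to leave with 0, and it now leaves with -EINVAL before verify_opcode() is called. If 0 is still the wanted result there, keep the PageAnon test as its own check with `ret = 0` and put only is_zero_page() and PageCompound() under -EINVAL. The changelog should also record that the WARN was dropped because the condition can be triggered from user space.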
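Review bot: The check removed in the second hunk (@@ -526,10 +522,6 @@) sat after the "update ref_ctr" block, while its replacement in the first hunk sits before that block, so unregister on a non-anonymous page now jumps to put_old before `ref_ctr_updated` can be set. Please say in the changelog whether skipping the ref_ctr update in that case is intended. Dropping `ret = 0;` on its own is fine, since `ret = anon_vma_prepare(vma);` assigns ret on the following line.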